Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Product filter

Glibc Subscribe

Filter

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2011-5320 1 Gnu 1 Glibc 2017-11-08 2.1
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
CVE-2017-15671 1 Gnu 1 Glibc 2017-10-25 4.3
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service...
CVE-2004-1453 1 Gnu 1 Glibc 2017-10-11 2.1
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by...
CVE-2004-0968 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Enterprise Linux Desktop 2017-10-11 2.1
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2003-0859 5 Quagga, Sgi, Intel and 2 more 7 Propack, Zebra, Linux Advanced Workstation and 4 more 2017-10-11 4.9
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Glibc, Irix and 1 more 2017-10-10 5.0
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2000-0959 1 Gnu 1 Glibc 2017-10-10 1.2
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
CVE-2000-0824 1 Gnu 1 Glibc 2017-10-10 7.2
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own...
CVE-2013-0242 1 Gnu 1 Glibc 2017-08-29 5.0
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted...
CVE-2010-0830 1 Gnu 1 Glibc 2017-08-17 5.1
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute...
CVE-2009-4881 1 Gnu 1 Glibc 2017-08-17 5.0
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a...
CVE-2009-4880 1 Gnu 1 Glibc 2017-08-17 5.0
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format...
CVE-2015-5277 3 Canonical, Gnu, Redhat 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more 2017-07-01 7.2
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the...
CVE-2013-4788 1 Gnu 2 Glibc, Eglibc 2017-07-01 5.1
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to...
CVE-2013-4458 2 Suse, Gnu 3 Glibc, Linux Enterprise Server, Linux Enterprise Debuginfo 2017-07-01 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that...
CVE-2013-4332 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2017-07-01 4.3
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3)...
CVE-2013-4237 1 Gnu 1 Glibc 2017-07-01 6.8
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2)...
CVE-2013-2207 2 Fedoraproject, Gnu 2 Glibc, Fedora 2017-07-01 2.6
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
CVE-2013-1914 1 Gnu 1 Glibc 2017-07-01 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that...
CVE-2012-6656 3 Debian, Canonical, Gnu 3 Debian Linux, Ubuntu Linux, Glibc 2017-07-01 5.0
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data...